LINE Pay leaks around 133,000 users' data to GitHub, of all places

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year.

Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.

Among the leaked details were the date, time, and amount of transactions, plus user and franchise store identification numbers. Although names, addresses, telephone, credit card and bank account numbers were not shared, the names of the users and other details could be traced with a little effort.

The information – which covered of over 51,000 Japanese users and almost 82,000 Taiwanese and Thai users – was accessed 11 times during the ten weeks it was available online.

The information has since been removed, and LINE said users have been notified. The fintech division of the communication app company issued an apology and promised to train staff better.

• Singaporean superapp Grab IPOs – badly – and promises to focus on maps and money
• Asia's 'superapps' bundle ride-share, food delivery, even financial services – and they're beating big tech
• Indonesian web giants Gojek and Tokopedia merge to create Asian super-app

This is not LINE's first security snafu.

Over 100 local political figures and dignitaries who used the company's messaging app had their communications extracted on July 2021 when a cyberattack managed to turn off encryption functions.

Just a few months earlier, in March, infosec concerns led Japanese government officials to stop using the app when it was revealed that some data had made its way to China. Japan had previously relied on the communication app for many regional government communications.

LINE's promise that it will improve may therefore need to be taken with a pinch of salt. ®